Home > Vulnerability Database > CVE-2022-30580

Mend.io Vulnerability Database

CVE-2022-30580

Date: August 9, 2022

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.

Language: Go

Severity Score

7.8

Related Resources (10)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-30580

Url: https://github.com/golang/go/commit/590b53fac9ebdb259b32e82805dec1cc96987930

Url: https://security.alpinelinux.org/vuln/CVE-2022-30580

Url: https://vulmon.com/vulnerabilitydetails?qid=CVE-2022-30580

Url: https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ

Url: https://go.dev/cl/403759

Url: https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e

Url: https://pkg.go.dev/vuln/GO-2022-0532

Url: https://go.dev/issue/52574

Url: https://www.mend.io/vulnerability-database/CVE-2022-30580

Severity Score

7.8

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-30580

Date: August 9, 2022

Language: Go

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?